Builds real-time incident response dashboards in Splunk, Elastic, or Grafana to provide SOC analysts and leadership
Manage incident response for Clerk authentication issues. Use when handling auth outages, security incidents, or production authentication problems.
Responds to security incidents in cloud environments (AWS, Azure, GCP) by performing identity-based containment,
Responds to phishing incidents by analyzing reported emails, extracting indicators, assessing credential compromise,
Structured immediate measures during an active cyber incident: hacker attack, ransomware, data exfiltration, insider threat. Phase 1: immediate containment, network isolation, forensic preservation.
Guides teams through IT outages and security incidents, providing structured workflows for detection, containment, eradication, and post-mortem analysis.
Incident Response Planner - Auto-activating skill for Security Advanced. Triggers on: incident response planner, incident response planner. Part of the Security Advanced skill…
Coordinate security incident response efforts. Includes classification, playbook generation, evidence gathering, and remediation planning.
Investigates insider threat indicators including data exfiltration attempts, unauthorized access patterns, policy
Investigates phishing email incidents from initial user report through header analysis, URL/attachment detonation,
When to use: active or suspected Salesforce org compromise, unauthorized access investigation, attacker containment, forensic evidence collection from EventLogFile/LoginHistory,…
Security incident response plan: preparation, detection, containment, eradication, recovery and lessons learned.